Thursday October 28th, 2021 3:40AM

US recovers most of ransom paid after Colonial Pipeline hack

By The Associated Press

WASHINGTON (AP) — The Justice Department has recovered most of a multimillion-dollar ransom payment made to hackers after a cyberattack that caused the operator of the nation's largest fuel pipeline to halt its operations last month, officials said Monday.

The operation to seize cryptocurrency paid to the Russia-based hacker group is the first of its kind to be undertaken by a specialized ransomware task force created by the Biden administration Justice Department. It reflects a rare victory in the fight against ransomware as U.S. officials scramble to confront a rapidly accelerating threat targeting critical industries around the world.

“By going after the entire ecosystem that fuels ransomware and digital extortion attacks — including criminal proceeds in the form of digital currency — we will continue to use all of our resources to increase the cost and consequences of ransomware and other cyber-based attacks,” Deputy Attorney General Lisa Monaco said at a news conference announcing the operation.

Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, temporarily shut down its operations on May 7 after a gang of cybercriminals using the DarkSide ransomware variant broke into the company's computer system. The ransomware variant used by DarkSide, which has been the subject of an FBI investigation since last year, is one of more than 100 that law enforcement officials are now scrutinizing, said FBI Deputy Director Paul Abbate.

Colonial officials have said they took their pipeline system offline before the attack could spread to its operating system, and decided soon after to pay ransom of 75 bitcoin — then valued at roughly $4.4 million — in hopes of bringing itself back online as soon as it could. The company's president and chief executive, Joseph Blount, is set to testify before congressional panels this week.

In a statement Monday, Blount said he was grateful for the FBI's efforts and said holding hackers accountable and disrupting their activities "is the best way to deter and defend against future attacks of this nature."

“The private sector also has an equally important role to play and we must continue to take cyber threats seriously and invest accordingly to harden our defenses,” he added.

Cryptocurrency is favored by cybercriminals because it enables direct online payments regardless of geographical location, but in this case, the FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there, said the FBI’s Abbate. The Justice Department did not provide details about how the FBI had obtained a “key” for the specific bitcoin address, but said law enforcement had been able to track multiple transfers of the cryptocurrency.

“For financially motivated cyber criminals, especially those presumably located overseas, cutting off access to revenue is one of the most impactful consequences we can impose,” Abbate said.

Though the FBI generally discourages the payment of ransom, fearing it could encourage additional hacks, Monaco said one takeaway for the private sector is that if companies come quickly to law enforcement after ransomware incidents, officials may be able to again help recover funds — though that is not guaranteed.

The Bitcoin amount seized — 63.7, currently valued at $2.3 million after the price of Bitcoin tumbled — amounted to 85% of the total ransom paid, which is the exact amount that the cryptocurrency-tracking firm Elliptic says it believes was the take of the affiliate who carried out the attack. The ransomware software provider, DarkSide, would have gotten the other 15%.

“The extortionists will never see this money,” said Stephanie Hinds, the acting U.S. attorney for the Northern District of California, where a judge earlier Monday authorized the seizure warrant.

Ransomware attacks — in which hackers encrypt a victim organization's data and demand a hefty sum for returning the information — have flourished across the globe. Last year was the costliest on record for such attacks. Hackers have targeted vital industries, as well as hospitals and police departments.

Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at Brazil’s JBS SA, the world's largest meat processing company.

The ransomware business has evolved into a highly compartmentalized racket, with labor divided among the provider of the software that locks data, ransom negotiators, hackers who break into targeted networks, hackers skilled at moving undetected through those systems and exfiltrating sensitive data — and even call centers in India employed to threaten people whose data was stolen to pressure for extortion payments.

_____

Associated Press writer Frank Bajak in Boston contributed to this report.

___

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP

© Copyright 2021 AccessWDUN.com
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.